From 8558f08e4885ed0dde206d6b0eed90640ff7e47e Mon Sep 17 00:00:00 2001 From: Vojtech Cerny Date: Wed, 15 Feb 2017 15:17:02 +0200 Subject: [PATCH 1/2] Conditional steps for LDAP/ACL --- .../Generate_Workspace.groovy | 72 +++++++---- workspaces/jobs/jobs.groovy | 112 +++++++++++------- 2 files changed, 124 insertions(+), 60 deletions(-) diff --git a/bootstrap/Workspace_Management/Generate_Workspace.groovy b/bootstrap/Workspace_Management/Generate_Workspace.groovy index 5fca393..0619065 100644 --- a/bootstrap/Workspace_Management/Generate_Workspace.groovy +++ b/bootstrap/Workspace_Management/Generate_Workspace.groovy @@ -6,7 +6,15 @@ def workspaceManagementFolder = folder(workspaceManagementFolderName) { displayN // Jobs def generateWorkspaceJob = freeStyleJob(workspaceManagementFolderName + "/Generate_Workspace") - + +def adopLdapEnabled = ''; + +try{ + adopLdapEnabled = "${ADOP_LDAP_ENABLED}".toBoolean(); +}catch(MissingPropertyException ex){ + adopLdapEnabled = true; +} + // Setup generateWorkspaceJob generateWorkspaceJob.with{ parameters{ 
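Review bot: In the added `try` block, `"${ADOP_LDAP_ENABLED}".toBoolean()` turns an empty or mistyped value into `false`, so the LDAP environment variables, the credential binding and the role-generation step are dropped without any message, while a completely unset variable falls back to `true`. Groovy's `toBoolean()` accepts only `true`, `y` and `1` (case-insensitive), so I would validate the string and fail the seed run on anything that is not an explicit true/false, e.g. `if (!(raw ==~ /(?i)true|false/)) throw new IllegalArgumentException("ADOP_LDAP_ENABLED must be true or false")`. Declaring the flag as `def adopLdapEnabled = true` rather than `''` would also avoid a variable that changes type. The same pattern is repeated in workspaces/jobs/jobs.groovy and, in the second patch, for `LDAP_IS_MODIFIABLE` in both files.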
@@ -20,26 +28,51 @@ generateWorkspaceJob.with{ preBuildCleanup() injectPasswords() maskPasswords() - environmentVariables { - env('DC',"${LDAP_ROOTDN}") - env('OU_GROUPS','ou=groups') - env('OU_PEOPLE','ou=people') - env('OUTPUT_FILE','output.ldif') - } - credentialsBinding { - usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") - } + if(adopLdapEnabled == true) + { + environmentVariables + { + env('DC', "${LDAP_ROOTDN}") + env('OU_GROUPS','ou=groups') + env('OU_PEOPLE','ou=people') + env('OUTPUT_FILE','output.ldif') + } + credentialsBinding + { + usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") + } + } } steps { shell('''#!/bin/bash - # Validate Variables pattern=" |'" if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..." exit 1 fi''') - shell('''# LDAP + conditionalSteps + { + condition + { + shell('''#!/bin/bash +if [ "${ADOP_ACL_ENABLED}" == "false" ] +then + exit 1 +fi +exit 0 + ''') + } + runner('DontRun') + steps { + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy') + } + } + if(adopLdapEnabled == true) { + shell(''' +# LDAP ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" 
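Review bot: `runner('DontRun')` on the new `conditionalSteps` means that when the condition cannot be evaluated the three `acl_*.groovy` scripts are skipped and the build carries on, so a workspace can be generated without its ACLs and still report success. For a step that applies permissions I would use `runner('Fail')`, so that an evaluation error stops the job. The shell condition also switches the ACL scripts off only on the exact string `false`, whereas the LDAP flag in the same file goes through `toBoolean()`; a short comment above the condition stating which values `ADOP_ACL_ENABLED` accepts would help operators. The identical block is added to workspaces/jobs/jobs.groovy.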
@@ -55,15 +88,14 @@ VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') # Gerrit for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS do - username=$(echo ${user} | cut -d'@' -f1) - ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" -done''') + username=$(echo ${user} | cut -d'@' -f1) + ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" +done + ''') + } dsl { - external("workspaces/jobs/**/*.groovy") + external("workspaces/jobs/**/*.groovy") } - systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy') - systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy') - systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy') } scm { git { @@ -75,4 +107,4 @@ done''') branch("*/master") } } -} +} diff --git a/workspaces/jobs/jobs.groovy b/workspaces/jobs/jobs.groovy index 5cbfd07..12fafb4 100644 --- a/workspaces/jobs/jobs.groovy +++ b/workspaces/jobs/jobs.groovy @@ -11,6 +11,14 @@ def projectManagementFolder = folder(projectManagementFolderName) { displayName( // Jobs def generateProjectJob = freeStyleJob(projectManagementFolderName + "/Generate_Project") +def adopLdapEnabled = ''; + +try{ + adopLdapEnabled = "${ADOP_LDAP_ENABLED}".toBoolean(); +}catch(MissingPropertyException ex){ + adopLdapEnabled = true; +} + // Setup Generate_Project generateProjectJob.with{ parameters{ 
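Review bot: With the three `systemGroovyScriptFile` calls removed from after the `dsl` block here, the ACL scripts now run only from the `conditionalSteps` added earlier in `steps`, that is, before the LDAP role generation and before `external("workspaces/jobs/**/*.groovy")`. If `acl_admin.groovy` and its siblings set permissions on folders or roles that those later steps create (the scripts are not part of this patch, so this is an assumption to confirm), a first run would apply them to objects that do not exist yet. Moving the `conditionalSteps` block to follow the `dsl` block would keep the original order. The `steps` block starts outside this hunk.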
@@ -27,57 +35,81 @@ generateProjectJob.with{ preBuildCleanup() injectPasswords() maskPasswords() - environmentVariables { - env('DC',"${DC}") - env('OU_GROUPS','ou=groups') - env('OU_PEOPLE','ou=people') - env('OUTPUT_FILE','output.ldif') - } - credentialsBinding { - usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") + if(adopLdapEnabled == true) + { + environmentVariables + { + env('DC', "${LDAP_ROOTDN}") + env('OU_GROUPS','ou=groups') + env('OU_PEOPLE','ou=people') + env('OUTPUT_FILE','output.ldif') + } + credentialsBinding + { + usernamePassword("LDAP_ADMIN_USER", "LDAP_ADMIN_PASSWORD", "adop-ldap-admin") + } } sshAgent("adop-jenkins-master") } - steps { - shell('''#!/bin/bash -e - + steps + { + shell('''#!/bin/bash # Validate Variables pattern=" |'" -if [[ "${PROJECT_NAME}" =~ ${pattern} ]]; then - echo "PROJECT_NAME contains a space, please replace with an underscore - exiting..." - exit 1 +if [[ "${WORKSPACE_NAME}" =~ ${pattern} ]]; then + echo "WORKSPACE_NAME contains a space, please replace with an underscore - exiting..." 
+ exit 1 fi''') - shell('''set -e -# LDAP -${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}.${PROJECT_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + conditionalSteps + { + condition + { + shell('''#!/bin/bash +if [ "${ADOP_ACL_ENABLED}" == "false" ] +then + exit 1 +fi +exit 0 + ''') + } + runner('DontRun') + steps { + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_admin.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_developer.groovy') + systemGroovyScriptFile('${WORKSPACE}/workspaces/groovy/acl_viewer.groovy') + } + } + if(adopLdapEnabled == true){ + shell(''' + # LDAP + ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -set +e -${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" -set -e + set +e + ${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" + set -e -ADMIN_USERS=$(echo ${ADMIN_USERS} 
| tr ',' ' ') -DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') -VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') + ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') + DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') + VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') -# Gerrit -for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS -do - username=$(echo ${user} | cut -d'@' -f1) - ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" -done''') - shell('''#!/bin/bash -ex -# Gerrit -source ${WORKSPACE}/projects/gerrit/configure.sh -# Generate second permission repo with enabled code-review -source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review''') + # Gerrit + for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS + do + username=$(echo ${user} | cut -d'@' -f1) + ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" + done + + # Gerrit + source ${WORKSPACE}/projects/gerrit/configure.sh + # Generate second permission repo with enabled code-review + source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review + ''') + } dsl { - external("projects/jobs/**/*.groovy") + external("projects/jobs/**/*.groovy") } - systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_admin.groovy') - systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_developer.groovy') - systemGroovyScriptFile('${WORKSPACE}/projects/groovy/acl_viewer.groovy') } scm { git { From cc10701c4ad3822f5272894fc6d774920e10d760 Mon Sep 17 00:00:00 2001 From: "maris.bahtins" Date: Mon, 13 Nov 2017 13:27:56 +0200 Subject: [PATCH 2/2] Conditional steps for LDAP is it modifiable or not. --- .../Generate_Workspace.groovy | 28 ++++++--- workspaces/jobs/jobs.groovy | 59 +++++++++++-------- 2 files changed, 53 insertions(+), 34 deletions(-) 
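Review bot: The Generate_Project job now validates and uses `WORKSPACE_NAME` where it previously used `PROJECT_NAME`: the name check no longer looks at `PROJECT_NAME`, the three `generate_role.sh` calls pass `-n "${WORKSPACE_NAME}"` instead of `-n "${WORKSPACE_NAME}.${PROJECT_NAME}"`, and the ACL scripts are loaded from `workspaces/groovy/` rather than `projects/groovy/`. This looks like a copy from Generate_Workspace.groovy; if it is, project admins, developers and viewers would presumably be written into the workspace-level roles, which widens their access beyond the project. I would restore `if [[ "${PROJECT_NAME}" =~ ${pattern} ]]; then`, `-n "${WORKSPACE_NAME}.${PROJECT_NAME}"` and the `projects/groovy/acl_*.groovy` paths. The second patch re-indents the same `generate_role.sh` lines and keeps the workspace-only name.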
diff --git a/bootstrap/Workspace_Management/Generate_Workspace.groovy b/bootstrap/Workspace_Management/Generate_Workspace.groovy index 0619065..3074d58 100644 --- a/bootstrap/Workspace_Management/Generate_Workspace.groovy +++ b/bootstrap/Workspace_Management/Generate_Workspace.groovy @@ -8,6 +8,7 @@ def workspaceManagementFolder = folder(workspaceManagementFolderName) { displayN def generateWorkspaceJob = freeStyleJob(workspaceManagementFolderName + "/Generate_Workspace") def adopLdapEnabled = ''; +def ldapIsModifiable = ''; try{ adopLdapEnabled = "${ADOP_LDAP_ENABLED}".toBoolean(); @@ -15,6 +16,12 @@ try{ adopLdapEnabled = true; } +try { + ldapIsModifiable = "${LDAP_IS_MODIFIABLE}".toBoolean(); +} catch(MissingPropertyException ex) { + ldapIsModifiable = true; +} + // Setup generateWorkspaceJob generateWorkspaceJob.with{ parameters{ 
@@ -71,16 +78,19 @@ exit 0 } } if(adopLdapEnabled == true) { - shell(''' -# LDAP -${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" -${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" - -set +e -${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" -set -e + if ( ldapIsModifiable == true) { + shell(''' + # LDAP + ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + set +e + ${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" + set -e + ''') + } + shell(''' ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') diff --git a/workspaces/jobs/jobs.groovy b/workspaces/jobs/jobs.groovy index 12fafb4..b13755e 100644 --- a/workspaces/jobs/jobs.groovy +++ b/workspaces/jobs/jobs.groovy 
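Review bot: The re-added LDAP step still hands the bind password over as an argument, `load_ldif.sh ... -p "${LDAP_ADMIN_PASSWORD}"`, which makes it readable in the agent's process list while the script runs and leaves the console output dependent on `maskPasswords()`. `credentialsBinding` already exports `LDAP_ADMIN_PASSWORD` into the build environment, so the script could read it from there instead of taking `-p`; load_ldif.sh is not shown in this patch, so that needs a matching change on its side. The surrounding `set +e` / `set -e` also hides a failed load, and a one-line comment naming the failure that is expected there (for example, entries that already exist) would show that it is intentional.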
@@ -12,6 +12,7 @@ def projectManagementFolder = folder(projectManagementFolderName) { displayName( def generateProjectJob = freeStyleJob(projectManagementFolderName + "/Generate_Project") def adopLdapEnabled = ''; +def ldapIsModifiable = ''; try{ adopLdapEnabled = "${ADOP_LDAP_ENABLED}".toBoolean(); @@ -19,6 +20,12 @@ try{ adopLdapEnabled = true; } +try { + ldapIsModifiable = "${LDAP_IS_MODIFIABLE}".toBoolean(); +} catch(MissingPropertyException ex) { + ldapIsModifiable = true; +} + // Setup Generate_Project generateProjectJob.with{ parameters{ @@ -39,7 +46,7 @@ generateProjectJob.with{ { environmentVariables { - env('DC', "${LDAP_ROOTDN}") + env('DC', "${DC}") env('OU_GROUPS','ou=groups') env('OU_PEOPLE','ou=people') env('OUTPUT_FILE','output.ldif') 
@@ -80,32 +87,34 @@ exit 0 } } if(adopLdapEnabled == true){ - shell(''' - # LDAP - ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" - ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" - ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" - - set +e - ${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" - set -e + if ( ldapIsModifiable == true ) { + shell(''' + # LDAP + ${WORKSPACE}/common/ldap/generate_role.sh -r "admin" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${ADMIN_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "developer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${DEVELOPER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" + ${WORKSPACE}/common/ldap/generate_role.sh -r "viewer" -n "${WORKSPACE_NAME}" -d "${DC}" -g "${OU_GROUPS}" -p "${OU_PEOPLE}" -u "${VIEWER_USERS}" -f "${OUTPUT_FILE}" -w "${WORKSPACE}" - ADMIN_USERS=$(echo ${ADMIN_USERS} | tr ',' ' ') - DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') - VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') - - # Gerrit - for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS - do - username=$(echo ${user} | cut -d'@' -f1) - ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" - done + set +e + ${WORKSPACE}/common/ldap/load_ldif.sh -h ldap -u "${LDAP_ADMIN_USER}" -p "${LDAP_ADMIN_PASSWORD}" -b "${DC}" -f "${OUTPUT_FILE}" + set -e + ''') + } + shell(''' + ADMIN_USERS=$(echo 
${ADMIN_USERS} | tr ',' ' ') + DEVELOPER_USERS=$(echo ${DEVELOPER_USERS} | tr ',' ' ') + VIEWER_USERS=$(echo ${VIEWER_USERS} | tr ',' ' ') + # Gerrit + for user in $ADMIN_USERS $DEVELOPER_USERS $VIEWER_USERS + do + username=$(echo ${user} | cut -d'@' -f1) + ${WORKSPACE}/common/gerrit/create_user.sh -g http://gerrit:8080/gerrit -u "${username}" -p "${username}" + done - # Gerrit - source ${WORKSPACE}/projects/gerrit/configure.sh - # Generate second permission repo with enabled code-review - source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review - ''') + # Gerrit + source ${WORKSPACE}/projects/gerrit/configure.sh + # Generate second permission repo with enabled code-review + source ${WORKSPACE}/projects/gerrit/configure.sh -r permissions-with-review + ''') } dsl { external("projects/jobs/**/*.groovy")
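Review bot: The Gerrit loop in the second `shell` step calls `create_user.sh -u "${username}" -p "${username}"`; if `-p` is the account password (create_user.sh is not shown here), every account is provisioned with a password equal to its user name. After this change the step runs even when `ldapIsModifiable` is false, so this is a good place to decide whether Gerrit accounts should receive a generated secret or no local password at all. The step also begins with a blank line instead of a shebang while using `source`, a bash builtin that is not guaranteed under `sh`; starting the string with `#!/bin/bash -e` directly after `'''` would make the interpreter explicit.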